Before using the Nectar Research Cloud, it is important to consider whether the data your research project contains or uses can be appropriately stored and analysed within a standard allocation on Nectar, or whether another platform or environment may be needed. If your data are sensitive, your institution may have its own data governance framework, policies, and procedures with which you must conform.
Please note your institutional framework and policies take precedence over these guidelines. You should discuss with your institution about the viability of using Nectar and implementing appropriate safeguards.
An ARDC project for coordinating research data management across Australian universities developed a sensitive Data Classification Framework that classifies data into four levels of sensitivity:
Figure 1: The Data Classification Framework*. The framework is designed with a simple, ordinal structure that uses a colour gradient (Green to Red) rather than subjective text labels, to classify data on a scale of risk.
Green: Data misuse (unauthorised access, alteration, loss, misuse, or disclosure) would have little to no impact.
Yellow: Data misuse unlikely to cause harm or have a negligible adverse impact.
Orange: Data breach or misuse may have a major adverse impact to your university or an external party. Release could be a regulatory offence.
Red: Data breach or misuse expected to cause severe harm to your university or an external party. Release could be a regulatory or criminal offence.
Guidelines for Nectar Research Cloud Usage
Green data
- Can safely be used within a standard allocation on the Nectar Research Cloud.
- Examples include: publicly available open data, public-facing websites.
Yellow data
- May be stored on the Nectar Research Cloud.
- Depending on your institution’s governance framework, you may be required to implement appropriate security safeguards for your allocation, which may also require you to complete a risk assessment.
- Examples include: de-identified personal information, commercially sensitive data.
Orange data
- Should not be stored or processed within a standard allocation on the Nectar Research Cloud.
- Disclosure to third parties is for specific purposes and requires authorisation.
- You should seek alternative options that meet your University/Institution data governance requirements.
- Suitable environments for consideration may include QCIF’s Keypoint, which runs on a separate restricted access region of the Nectar Research Cloud, and Monash’s SeRP services.
- Examples include: personally identifiable data as defined by the Privacy Act; re-identifiable sensitive data; data with ‘commercial in confidence’ or other contractual restrictions; culturally, ecologically or commercially sensitive data.
Red data
- Should not be stored or processed within a standard allocation on the Nectar Research Cloud.
- Disclosure to third parties is for specific purposes and requires authorisation.
- You should seek alternative options that meet your University/Institution data governance requirements.
- Suitable environments for consideration may include QCIF’s Keypoint, which runs on a separate restricted access region of the Nectar Research Cloud, and Monash’s SeRP services.
- Examples include: operational records that are strategic, highly confidential, or tightly restricted; data involving national security or intended for use in military applications; data with extreme commercial or strategic sensitivity including trade secrets; unpublished research with significant ethical implications or commercial potential.
Summary
To determine whether sensitive research data can be used on the Nectar Research Cloud:
Identify the sensitivity level of your data using the data classification system.
- For Green data, you may proceed with using Nectar Research Cloud.
- For Yellow data, conduct a risk assessment and implement necessary security measures before using the Nectar Research Cloud.
- For Orange or Red data, work with your university or institution to seek alternative secure storage and processing solutions.
Additional Considerations
Consult with your university’s research data management and IT support team for further guidance and support.
* The Data Classification Framework was sourced from:
Charlesworth, J., Abdel Alim, M., Brown, D., Burton, N., D’Costa, K., Cho, K. L., Healy, N., Lynn, H., Morse, J., Soo, A. L., & Splawa-Neyman, P. (2024). Decoding sensitive data management. Zenodo. https://doi.org/10.5281/zenodo.10403632
This was an output from the ARDC Institutional Underpinnings program for coordinating research data management across Australian universities.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article